@@ -0,0 +1,21 @@ | |||||
<?php | |||||
define('AJAXLOGIN', TRUE); | |||||
define('DEDEADMIN', str_replace("\\", '/', dirname(__FILE__))); | |||||
require_once(DEDEADMIN.'/../system/common.inc.php'); | |||||
require_once(DEDEINC.'/userlogin.class.php'); | |||||
AjaxHead(); | |||||
$action = isset($action) && in_array($action, array('is_need_check_code'))? $action : ''; | |||||
if ($action === 'is_need_check_code') { | |||||
$cuserLogin = new userLogin(); | |||||
$isNeed = $cuserLogin->isNeedCheckCode($userid); | |||||
echo json_encode(array( | |||||
"code" => 0, | |||||
"msg" => "", | |||||
"data" => array( | |||||
"isNeed" => $isNeed, | |||||
), | |||||
)); | |||||
exit; | |||||
} |
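Review bot: `$userid` is passed to `isNeedCheckCode()` without a presence or type check. The script never assigns it, so it presumably arrives through request-variable import in `common.inc.php`, and a request without the parameter reaches the lookup with an undefined variable. Normalise it first, e.g. `$userid = isset($userid) && is_string($userid) ? $userid : '';`. The endpoint also appears to answer before login, so any caller can learn whether a named account has had recent failed logins; a comment stating that this is intended would help. The member-side `api.php` added later in this commit passes `$userid` unchecked in the same way.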
@@ -0,0 +1,17 @@ | |||||
$(document).ready(function () { | |||||
$("#iptUserid").focusout(function () { | |||||
let userid = $(this).val(); | |||||
if (userid !== '') { | |||||
$.get("api.php?action=is_need_check_code&userid=" + userid, function (data) { | |||||
let rs = JSON.parse(data); | |||||
if (rs.code === 0) { | |||||
if (rs.data.isNeed) { | |||||
$("#vdimgck").show(); | |||||
} else { | |||||
$("#vdimgck").hide(); | |||||
} | |||||
} | |||||
}); | |||||
} | |||||
}) | |||||
}) |
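Review bot: The user name is concatenated into the query string unencoded, so a value containing `&`, `#`, `+` or spaces reaches the server as a different `userid`, or as extra parameters, than the one typed. Let jQuery encode it: `$.get("api.php", {action: "is_need_check_code", userid: userid}, function (data) {`. `JSON.parse(data)` also throws on a non-JSON error page, which leaves the captcha field hidden while the server may still require it; a `try`/`catch` that falls back to `$("#vdimgck").show()` is safer. The second copy of this script added later in the commit has the same two lines.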
@@ -38,10 +38,19 @@ if (preg_match('/admin\/login/i', $cururl)) { | |||||
$admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__))); | $admindirs = explode('/', str_replace("\\", '/', dirname(__FILE__))); | ||||
$admindir = $admindirs[count($admindirs) - 1]; | $admindir = $admindirs[count($admindirs) - 1]; | ||||
if ($dopost == 'login') { | if ($dopost == 'login') { | ||||
$validate = empty($validate) ? '' : strtolower(trim($validate)); | |||||
$svali = strtolower(GetCkVdValue()); | |||||
$cuserLogin = new userLogin($admindir); | $cuserLogin = new userLogin($admindir); | ||||
if (!empty($userid) && !empty($pwd)) { | if (!empty($userid) && !empty($pwd)) { | ||||
$isNeed = $cuserLogin->isNeedCheckCode($userid); | |||||
if ($isNeed) { | |||||
$validate = empty($validate) ? '' : strtolower(trim($validate)); | |||||
$svali = strtolower(GetCkVdValue()); | |||||
if ($validate == '' || $validate != $svali) { | |||||
ResetVdValue(); | |||||
ShowMsg('验证码不正确', 'login.php', 0, 1000); | |||||
exit; | |||||
} | |||||
} | |||||
$res = $cuserLogin->checkUser($userid, $pwd); | $res = $cuserLogin->checkUser($userid, $pwd); | ||||
if ($res == 1) { | if ($res == 1) { | ||||
$cuserLogin->keepUser(); | $cuserLogin->keepUser(); | ||||
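Review bot: When `$validate` passes the comparison the stored code is left in place, because `ResetVdValue()` is called only on the failure branch. Unless `GetCkVdValue()` or `checkUser()` clears it elsewhere, one solved captcha stays valid for further password attempts in the same session. Adding `ResetVdValue();` after the `if ($isNeed) { … }` block succeeds, before `checkUser()`, makes each code single-use. The comparison should also be strict, `if ($validate === '' || $validate !== $svali) {`, since `!=` compares numeric-looking strings by value. The member login branch (the `$cfg_ml->isNeedCheckCode($userid)` hunk) follows the same pattern, and the enclosing `if ($dopost == 'login')` block continues past this hunk.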
@@ -9,6 +9,8 @@ | |||||
<link rel="stylesheet" href="../static/web/css/bootstrap.min.css"> | <link rel="stylesheet" href="../static/web/css/bootstrap.min.css"> | ||||
<link rel="stylesheet" href="../static/web/font/css/font-awesome.min.css"> | <link rel="stylesheet" href="../static/web/font/css/font-awesome.min.css"> | ||||
<link rel="stylesheet" href="css/login.min.css"> | <link rel="stylesheet" href="css/login.min.css"> | ||||
<script src="../static/web/js/jquery.min.js"></script> | |||||
<script src="js/login.js"></script> | |||||
</head> | </head> | ||||
<body> | <body> | ||||
<?php if (preg_match('/MSIE/i',$_SERVER['HTTP_USER_AGENT']) || preg_match('/Trident/i',$_SERVER['HTTP_USER_AGENT'])) {?> | <?php if (preg_match('/MSIE/i',$_SERVER['HTTP_USER_AGENT']) || preg_match('/Trident/i',$_SERVER['HTTP_USER_AGENT'])) {?> | ||||
@@ -44,6 +46,13 @@ | |||||
<label for="iptPassword">密码</label> | <label for="iptPassword">密码</label> | ||||
<input type="password" name="pwd" id="iptPassword" class="form-control"> | <input type="password" name="pwd" id="iptPassword" class="form-control"> | ||||
</div> | </div> | ||||
<div id="vdimgck" class="form-group" style="display: none;"> | |||||
<label for="iptValidate">验证码</label> | |||||
<div class="input-group"> | |||||
<input type="text" name="validate" id="iptValidate" class="form-control text-uppercase"> | |||||
<img src="../apps/vdimgck.php" onclick="this.src='../apps/vdimgck.php?'+new Date().getTime()+Math.round(Math.random() * 10000)" title="验证码" id="validateimg"> | |||||
</div> | |||||
</div> | |||||
<div><button type="submit" class="btn btn-success w-100">登录</button></div> | <div><button type="submit" class="btn btn-success w-100">登录</button></div> | ||||
<div class="login-power"><?php echo $cfg_powerby;?></div> | <div class="login-power"><?php echo $cfg_powerby;?></div> | ||||
</form> | </form> | ||||
@@ -128,6 +128,7 @@ CREATE TABLE `#@__admin` ( | |||||
`typeid` text, | `typeid` text, | ||||
`logintime` int(10) unsigned NOT NULL default '0', | `logintime` int(10) unsigned NOT NULL default '0', | ||||
`loginip` varchar(46) NOT NULL default '', | `loginip` varchar(46) NOT NULL default '', | ||||
`loginerr` tinyint NULL DEFAULT 0, | |||||
PRIMARY KEY (`id`) | PRIMARY KEY (`id`) | ||||
) TYPE=MyISAM; | ) TYPE=MyISAM; | ||||
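Review bot: `loginerr` is declared as a nullable signed `tinyint`, but the PHP side increments it with `loginerr=loginerr+1` and resets it only on a successful login, so it can reach the column maximum of 127. Depending on the server's SQL mode the increment then either sticks at 127 or makes the whole UPDATE fail, and a failed UPDATE would also stop refreshing `logintime`, which the captcha window is measured against. A NULL value would never increment either, because `NULL+1` is NULL. Declaring the column `tinyint unsigned NOT NULL DEFAULT 0` and capping the increment in the UPDATE (`loginerr=LEAST(loginerr+1,100)`) avoids both. The same definition appears in the `#@__member` table and in the two `ALTER TABLE` statements of the upgrade script.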
@@ -503,6 +504,7 @@ CREATE TABLE `#@__member` ( | |||||
`logintime` int(10) unsigned NOT NULL default '0', | `logintime` int(10) unsigned NOT NULL default '0', | ||||
`loginip` char(46) NOT NULL default '', | `loginip` char(46) NOT NULL default '', | ||||
`checkmail` smallint(6) NOT NULL default '-1', | `checkmail` smallint(6) NOT NULL default '-1', | ||||
`loginerr` tinyint NULL DEFAULT 0, | |||||
PRIMARY KEY (`mid`), | PRIMARY KEY (`mid`), | ||||
KEY `userid` (`userid`,`sex`), | KEY `userid` (`userid`,`sex`), | ||||
KEY `logintime` (`logintime`) | KEY `logintime` (`logintime`) | ||||
@@ -103,4 +103,6 @@ DELETE FROM `#@__sysconfig` WHERE `#@__sysconfig`.`varname` = 'cfg_disable_tags' | |||||
DELETE FROM `#@__sysconfig` WHERE `#@__sysconfig`.`varname` = 'cfg_vdcode_member'; | DELETE FROM `#@__sysconfig` WHERE `#@__sysconfig`.`varname` = 'cfg_vdcode_member'; | ||||
-- 6.2.0 | -- 6.2.0 | ||||
ALTER TABLE `#@__arctype` CHANGE COLUMN `iscross` `cross` tinyint(1) NOT NULL DEFAULT 0 AFTER `ishidden`; | |||||
ALTER TABLE `#@__arctype` CHANGE COLUMN `iscross` `cross` tinyint(1) NOT NULL DEFAULT 0 AFTER `ishidden`; | |||||
ALTER TABLE `#@__admin` ADD COLUMN `loginerr` tinyint NULL DEFAULT 0 AFTER `loginip`; | |||||
ALTER TABLE `#@__member` ADD COLUMN `loginerr` tinyint NULL DEFAULT 0 AFTER `checkmail`; |
@@ -0,0 +1,17 @@ | |||||
$(document).ready(function () { | |||||
$("#iptUserid").focusout(function () { | |||||
let userid = $(this).val(); | |||||
if (userid !== '') { | |||||
$.get("api.php?action=is_need_check_code&userid=" + userid, function (data) { | |||||
let rs = JSON.parse(data); | |||||
if (rs.code === 0) { | |||||
if (rs.data.isNeed) { | |||||
$("#vdimgck").show(); | |||||
} else { | |||||
$("#vdimgck").hide(); | |||||
} | |||||
} | |||||
}); | |||||
} | |||||
}) | |||||
}) |
@@ -391,8 +391,10 @@ class MemberLogin | |||||
$row = $dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' "); | $row = $dsql->GetOne("SELECT mid,matt,pwd,pwd_new,logintime FROM `#@__member` WHERE userid LIKE '$loginuser' "); | ||||
if (is_array($row)) { | if (is_array($row)) { | ||||
if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) { | if (!empty($row['pwd_new']) && !password_verify($loginpwd, $row['pwd_new'])) { | ||||
$this->loginError($loginuser); | |||||
return -1; | return -1; | ||||
}else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) { | |||||
} else if (!empty($row['pwd']) && $this->GetShortPwd($row['pwd']) != $this->GetEncodePwd($loginpwd)) { | |||||
$this->loginError($loginuser); | |||||
return -1; | return -1; | ||||
} else { | } else { | ||||
if (empty($row['pwd_new']) && function_exists('password_hash')) { | if (empty($row['pwd_new']) && function_exists('password_hash')) { | ||||
@@ -413,6 +415,58 @@ class MemberLogin | |||||
return 0; | return 0; | ||||
} | } | ||||
} | } | ||||
/** | |||||
* 是否需要验证码 | |||||
* | |||||
* @param mixed $loginuser | |||||
* @return bool | |||||
*/ | |||||
function isNeedCheckCode($loginuser) | |||||
{ | |||||
$num = $this->getLoginError($loginuser); | |||||
return $num >= 3 ? true : false; | |||||
} | |||||
/** | |||||
* 1分钟以内登录错误的次数 | |||||
* | |||||
* @param mixed $loginuser | |||||
* @return int 登录错误次数 | |||||
*/ | |||||
function getLoginError($loginuser) | |||||
{ | |||||
global $dsql; | |||||
$rs = CheckUserID($loginuser, '用户名', FALSE); | |||||
//用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息 | |||||
if ($rs != 'ok') { | |||||
return -1; | |||||
} | |||||
$row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__member` WHERE userid LIKE '$loginuser'"); | |||||
if (is_array($row)) { | |||||
//1分钟内如果输错3次则需要验证码 | |||||
return (time() - (int)$row['logintime']) < 60 ? (int)$row['loginerr'] : 0; | |||||
} else { | |||||
return -1; | |||||
} | |||||
} | |||||
/** | |||||
* 记录登录错误 | |||||
* | |||||
* @return void | |||||
*/ | |||||
function loginError($loginuser) | |||||
{ | |||||
global $dsql; | |||||
$rs = CheckUserID($loginuser, '用户名', FALSE); | |||||
//用户名不正确时返回验证错误,原登录名通过引用返回错误提示信息 | |||||
if ($rs != 'ok') { | |||||
return; | |||||
} | |||||
$loginip = GetIP(); | |||||
$inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='" . time() . "',loginerr=loginerr+1 WHERE userid='" . $loginuser . "'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | |||||
} | |||||
/** | /** | ||||
* 保存用户cookie | * 保存用户cookie | ||||
* | * | ||||
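Review bot: `loginError()` increments the counter with `WHERE userid='…'`, while `CheckUser()` and `getLoginError()` select the row with `userid LIKE '…'`, so the row that failed the password check and the row whose `loginerr` is incremented are chosen by different rules. Whenever the two disagree, the failure is not counted. The row is already loaded at the call sites in the preceding hunk, so pass its key instead: `$this->loginError($row['mid']);` with `… WHERE mid='" . intval($mid) . "'"`. The docblock of `loginError()` has no `@param`, and `getLoginError()` should document that it returns `-1` for an invalid or unknown name.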
@@ -431,7 +485,7 @@ class MemberLogin | |||||
$this->M_ID = $uid; | $this->M_ID = $uid; | ||||
$this->M_LoginTime = time(); | $this->M_LoginTime = time(); | ||||
$loginip = GetIP(); | $loginip = GetIP(); | ||||
$inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='".$this->M_LoginTime."' WHERE mid='".$uid."'"; | |||||
$inquery = "UPDATE `#@__member` SET loginip='$loginip',logintime='".$this->M_LoginTime."',loginerr=0 WHERE mid='".$uid."'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | $dsql->ExecuteNoneQuery($inquery); | ||||
if ($this->M_KeepTime > 0) { | if ($this->M_KeepTime > 0) { | ||||
PutCookie('DedeUserID', $uid, $this->M_KeepTime); | PutCookie('DedeUserID', $uid, $this->M_KeepTime); | ||||
@@ -445,7 +499,7 @@ class MemberLogin | |||||
* 获得会员目前的状态 | * 获得会员目前的状态 | ||||
* | * | ||||
* @access public | * @access public | ||||
* @param string $dsql 数据库连接 | |||||
* @param object $dsql 数据库连接 | |||||
* @return string | * @return string | ||||
*/ | */ | ||||
function GetSta($dsql) | function GetSta($dsql) | ||||
@@ -106,10 +106,10 @@ function CheckCatalog($cid, $msg) | |||||
*/ | */ | ||||
function AddMyAddon($fid, $filename) | function AddMyAddon($fid, $filename) | ||||
{ | { | ||||
$cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc'; | |||||
$cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc'; | |||||
if (!file_exists($cacheFile)) { | if (!file_exists($cacheFile)) { | ||||
$fp = fopen($cacheFile, 'w'); | $fp = fopen($cacheFile, 'w'); | ||||
fwrite($fp, '<'.'?php'."\r\n"); | |||||
fwrite($fp, '<' . '?php' . "\r\n"); | |||||
fwrite($fp, "\$myaddons = array();\r\n"); | fwrite($fp, "\$myaddons = array();\r\n"); | ||||
fwrite($fp, "\$maNum = 0;\r\n"); | fwrite($fp, "\$maNum = 0;\r\n"); | ||||
fclose($fp); | fclose($fp); | ||||
@@ -133,7 +133,7 @@ function AddMyAddon($fid, $filename) | |||||
function ClearMyAddon($aid = 0, $title = '') | function ClearMyAddon($aid = 0, $title = '') | ||||
{ | { | ||||
global $dsql; | global $dsql; | ||||
$cacheFile = DEDEDATA.'/cache/addon-'.session_id().'.inc'; | |||||
$cacheFile = DEDEDATA . '/cache/addon-' . session_id() . '.inc'; | |||||
$_SESSION['bigfile_info'] = array(); | $_SESSION['bigfile_info'] = array(); | ||||
$_SESSION['file_info'] = array(); | $_SESSION['file_info'] = array(); | ||||
if (!file_exists($cacheFile)) { | if (!file_exists($cacheFile)) { | ||||
@@ -212,16 +212,18 @@ class userLogin | |||||
$this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); | $this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); | ||||
$this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd); | $this->userPwd = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $userpwd); | ||||
$pwd = substr(md5($this->userPwd), 5, 20); | $pwd = substr(md5($this->userPwd), 5, 20); | ||||
$dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype WHERE admin.userid LIKE '".$this->userName."' LIMIT 0,1"); | |||||
$dsql->SetQuery("SELECT admin.*,atype.purviews FROM `#@__admin` admin LEFT JOIN `#@__admintype` atype ON atype.`rank`=admin.usertype WHERE admin.userid LIKE '" . $this->userName . "' LIMIT 0,1"); | |||||
$dsql->Execute(); | $dsql->Execute(); | ||||
$row = $dsql->GetObject(); | $row = $dsql->GetObject(); | ||||
if (!isset($row->pwd)) { | if (!isset($row->pwd)) { | ||||
return -1; | return -1; | ||||
} else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) { | } else if (!empty($row->pwd_new) && !password_verify($this->userPwd, $row->pwd_new)) { | ||||
$this->loginError($row->id); | |||||
return -2; | return -2; | ||||
} else if (!empty($row->pwd) && $pwd != $row->pwd) { | } else if (!empty($row->pwd) && $pwd != $row->pwd) { | ||||
$this->loginError($row->id); | |||||
return -2; | return -2; | ||||
}else { | |||||
} else { | |||||
$upsql = ""; | $upsql = ""; | ||||
if (empty($row->pwd_new) && function_exists('password_hash')) { | if (empty($row->pwd_new) && function_exists('password_hash')) { | ||||
//升级密码 | //升级密码 | ||||
@@ -234,13 +236,58 @@ class userLogin | |||||
$this->userChannel = $row->typeid; | $this->userChannel = $row->typeid; | ||||
$this->userName = $row->uname; | $this->userName = $row->uname; | ||||
$this->userPurview = $row->purviews; | $this->userPurview = $row->purviews; | ||||
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='".time()."'{$upsql} WHERE id='".$row->id."'"; | |||||
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='" . time() . "'{$upsql},loginerr=0 WHERE id='" . $row->id . "'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | $dsql->ExecuteNoneQuery($inquery); | ||||
$sql = "UPDATE `#@__member` SET logintime=".time().", loginip='$loginip' WHERE mid=".$row->id; | |||||
$sql = "UPDATE `#@__member` SET logintime=" . time() . ", loginip='$loginip' WHERE mid=" . $row->id; | |||||
$dsql->ExecuteNoneQuery($sql); | $dsql->ExecuteNoneQuery($sql); | ||||
return 1; | return 1; | ||||
} | } | ||||
} | } | ||||
/** | |||||
* 是否需要验证码 | |||||
* | |||||
* @param mixed $username | |||||
* @return bool | |||||
*/ | |||||
function isNeedCheckCode($username) | |||||
{ | |||||
$num = $this->getLoginError($username); | |||||
return $num >= 3 ? true : false; | |||||
} | |||||
/** | |||||
* 1分钟以内登录错误的次数 | |||||
* | |||||
* @param mixed $username | |||||
* @return int 登录错误次数 | |||||
*/ | |||||
function getLoginError($username) | |||||
{ | |||||
global $dsql; | |||||
$this->userName = preg_replace("/[^0-9a-zA-Z_@!\.-]/", '', $username); | |||||
$row = $dsql->GetOne("SELECT loginerr,logintime FROM `#@__admin` WHERE userid LIKE '$this->userName'"); | |||||
if (is_array($row)) { | |||||
//1分钟内如果输错3次则需要验证码 | |||||
return (time() - (int)$row['logintime']) < 60 ? (int)$row['loginerr'] : 0; | |||||
} else { | |||||
return -1; | |||||
} | |||||
} | |||||
/** | |||||
* 记录登录错误 | |||||
* | |||||
* @return void | |||||
*/ | |||||
function loginError($adminid) | |||||
{ | |||||
global $dsql; | |||||
$loginip = GetIP(); | |||||
$inquery = "UPDATE `#@__admin` SET loginip='$loginip',logintime='" . time() . "',loginerr=loginerr+1 WHERE id='" . $adminid . "'"; | |||||
$dsql->ExecuteNoneQuery($inquery); | |||||
} | |||||
/** | /** | ||||
* 保持用户的会话状态 | * 保持用户的会话状态 | ||||
* | * | ||||
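Review bot: `loginError()` overwrites `loginip` and `logintime` on every failed attempt, and the success path uses those same columns to record the last login. An unauthenticated failed attempt therefore replaces an administrator's last-login record with the attempt's IP and time; the member class's `loginError()` does the same. Keeping the failure timestamp in its own column (for example a new `loginerrtime`; the name is only a suggestion) preserves that audit trail and lets `getLoginError()` measure the 60-second window against failures only. `getLoginError()` also assigns `$this->userName` as a side effect of what reads as a query method, where a local variable would do, and `loginError()`'s docblock is missing `@param int $adminid`.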
@@ -281,7 +328,7 @@ class userLogin | |||||
function ReWriteAdminChannel() | function ReWriteAdminChannel() | ||||
{ | { | ||||
//$this->userChannel | //$this->userChannel | ||||
$cacheFile = DEDEDATA.'/cache/admincat_'.$this->userID.'.inc'; | |||||
$cacheFile = DEDEDATA . '/cache/admincat_' . $this->userID . '.inc'; | |||||
//管理员管理的栏目列表 | //管理员管理的栏目列表 | ||||
$typeid = trim($this->userChannel); | $typeid = trim($this->userChannel); | ||||
if (empty($typeid) || $this->getUserType() >= 10) { | if (empty($typeid) || $this->getUserType() >= 10) { | ||||
@@ -296,7 +343,7 @@ class userLogin | |||||
$typeids = explode(',', $typeid); | $typeids = explode(',', $typeid); | ||||
$typeid = ''; | $typeid = ''; | ||||
foreach ($typeids as $tid) { | foreach ($typeids as $tid) { | ||||
$typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ','.GetSonIdsUL($tid)); | |||||
$typeid .= ($typeid == '' ? GetSonIdsUL($tid) : ',' . GetSonIdsUL($tid)); | |||||
} | } | ||||
$typeids = explode(',', $typeid); | $typeids = explode(',', $typeid); | ||||
$typeidsnew = array_unique($typeids); | $typeidsnew = array_unique($typeids); | ||||
@@ -443,4 +490,3 @@ function GetSonIdsLogicUL($id, $sArr, $channel = 0, $addthis = FALSE) | |||||
} | } | ||||
} | } | ||||
} | } | ||||
?> |
@@ -13,10 +13,10 @@ | |||||
<script> | <script> | ||||
//校验是否登录 | //校验是否登录 | ||||
function CheckLogin() { | function CheckLogin() { | ||||
$.get("{dede:global.cfg_cmsurl/}/user/ajax_loginsta.php?format=json",function(data) { | |||||
$.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json",function(data) { | |||||
let result = JSON.parse(data); | let result = JSON.parse(data); | ||||
if (result.code === 200) { | if (result.code === 200) { | ||||
$("#_login").html(`<a href="/user/edit_baseinfo.php"class="user-admin mr-3"><img src="${result.data.facepic}" alt="${result.data.username}" title="${result.data.username}">${result.data.username}</a><a href="/user" class="btn btn-primary btn-sm"><i class="fa fa-user-circle"></i></a><a href="/user/pm.php" class="btn btn-primary btn-sm"><i class="fa fa-bullhorn"></i></a><a href="/user/index_do.php?fmdo=login&dopost=exit" class="btn btn-success btn-sm"><i class="fa fa-sign-out"></i></a>`); | |||||
$("#_login").html(`<a href="{dede:global.cfg_cmsurl/}/user/edit_baseinfo.php"class="user-admin mr-3"><img src="${result.data.facepic}" alt="${result.data.username}" title="${result.data.username}">${result.data.username}</a><a href="{dede:global.cfg_cmsurl/}/user" class="btn btn-primary btn-sm"><i class="fa fa-user-circle"></i></a><a href="/user/pm.php" class="btn btn-primary btn-sm"><i class="fa fa-bullhorn"></i></a><a href="{dede:global.cfg_cmsurl/}/user/index_do.php?fmdo=login&dopost=exit" class="btn btn-success btn-sm"><i class="fa fa-sign-out"></i></a>`); | |||||
$("#iptUsername").val(result.data.username); | $("#iptUsername").val(result.data.username); | ||||
$("#iptUsername").attr("disabled", "disabled"); | $("#iptUsername").attr("disabled", "disabled"); | ||||
$(".areaValidate").hide(); | $(".areaValidate").hide(); | ||||
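Review bot: The template literal passed to `$("#_login").html(...)` interpolates `result.data.username` and `result.data.facepic` straight into element text and attribute values, so the page relies entirely on the server having constrained those fields. Setting them with `.text()` and `.attr()` on created elements, or escaping the two values before interpolation, removes that dependency. In the same line the `pm.php` link is still `href="/user/pm.php"` while its siblings were given the `{dede:global.cfg_cmsurl/}` prefix, which looks like an oversight for installs in a sub-directory.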
@@ -105,7 +105,7 @@ | |||||
<button class="btn btn-success btnSend" type="button" onClick='SendReplyFeedback(${fid})'>回复</button> | <button class="btn btn-success btnSend" type="button" onClick='SendReplyFeedback(${fid})'>回复</button> | ||||
</div> | </div> | ||||
</div>`; | </div>`; | ||||
$.get("{dede:global.cfg_cmsurl/}/user/ajax_loginsta.php?format=json", function(data) { | |||||
$.get("{dede:global.cfg_cmsurl/}/user/api.php?format=json", function(data) { | |||||
let result = JSON.parse(data); | let result = JSON.parse(data); | ||||
if (result.code !== 200) { | if (result.code !== 200) { | ||||
$(`._feedback_reply`).html(""); | $(`._feedback_reply`).html(""); | ||||
@@ -1,52 +0,0 @@ | |||||
<?php | |||||
/** | |||||
* @version $id:ajax_loginsta.php 8:38 2010年7月9日 tianya $ | |||||
* @package DedeBIZ.User | |||||
* @copyright Copyright (c) 2022 DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license | |||||
* @link https://www.dedebiz.com | |||||
*/ | |||||
define('AJAXLOGIN', TRUE); | |||||
require_once(dirname(__FILE__)."/config.php"); | |||||
AjaxHead(); | |||||
$format = isset($format) ? "json" : ""; | |||||
if (!$cfg_ml->IsLogin()) { | |||||
if ($format === 'json') { | |||||
echo json_encode(array( | |||||
"code" => -1, | |||||
"msg" => "尚未登录", | |||||
"data" => null, | |||||
)); | |||||
} else { | |||||
echo ""; | |||||
} | |||||
exit; | |||||
} | |||||
$uid = $cfg_ml->M_LoginID; | |||||
!$cfg_ml->fields['face'] && $face = ($cfg_ml->fields['sex'] == '女') ? 'dfgirl' : 'dfboy'; | |||||
$facepic = empty($face) ? $cfg_ml->fields['face'] : $GLOBALS['cfg_memberurl'].'/templets/images/'.$face.'.png'; | |||||
if ($format === 'json') { | |||||
echo json_encode(array( | |||||
"code" => 200, | |||||
"msg" => "", | |||||
"data" => array( | |||||
"username" => $cfg_ml->M_UserName, | |||||
"myurl" => $myurl, | |||||
"facepic" => $facepic, | |||||
"memberurl" => $cfg_memberurl, | |||||
), | |||||
)); | |||||
exit; | |||||
} | |||||
?> | |||||
<div class="userinfo"> | |||||
<div class="welcome">您好:<?php echo $cfg_ml->M_UserName;?>,欢迎登录 </div> | |||||
<div class="userface"> | |||||
<a href="<?php echo $cfg_memberurl;?>/index.php"><img src="<?php echo $facepic;?>" width="52" height="52" /></a> | |||||
</div> | |||||
<div class="uclink"> | |||||
<a href="<?php echo $cfg_memberurl;?>/index.php">会员中心</a> | | |||||
<a href="<?php echo $cfg_memberurl;?>/edit_baseinfo.php">资料</a> | | |||||
<a href="<?php echo $cfg_memberurl;?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | |||||
</div> | |||||
</div> |
@@ -0,0 +1,68 @@ | |||||
<?php | |||||
/** | |||||
* @version $id:api.php 8:38 2010年7月9日 tianya $ | |||||
* @package DedeBIZ.User | |||||
* @copyright Copyright (c) 2022 DedeBIZ.COM | |||||
* @license https://www.dedebiz.com/license | |||||
* @link https://www.dedebiz.com | |||||
*/ | |||||
define('AJAXLOGIN', TRUE); | |||||
require_once(dirname(__FILE__)."/config.php"); | |||||
AjaxHead(); | |||||
$action = isset($action)? $action : ''; | |||||
if ($action === 'is_need_check_code') { | |||||
$isNeed = $cfg_ml->isNeedCheckCode($userid); | |||||
echo json_encode(array( | |||||
"code" => 0, | |||||
"msg" => "", | |||||
"data" => array( | |||||
"isNeed" => $isNeed, | |||||
), | |||||
)); | |||||
exit; | |||||
} else { | |||||
$format = isset($format) ? "json" : ""; | |||||
if (!$cfg_ml->IsLogin()) { | |||||
if ($format === 'json') { | |||||
echo json_encode(array( | |||||
"code" => -1, | |||||
"msg" => "尚未登录", | |||||
"data" => null, | |||||
)); | |||||
} else { | |||||
echo ""; | |||||
} | |||||
exit; | |||||
} | |||||
$uid = $cfg_ml->M_LoginID; | |||||
!$cfg_ml->fields['face'] && $face = ($cfg_ml->fields['sex'] == '女') ? 'dfgirl' : 'dfboy'; | |||||
$facepic = empty($face) ? $cfg_ml->fields['face'] : $GLOBALS['cfg_memberurl'].'/templets/images/'.$face.'.png'; | |||||
if ($format === 'json') { | |||||
echo json_encode(array( | |||||
"code" => 200, | |||||
"msg" => "", | |||||
"data" => array( | |||||
"username" => $cfg_ml->M_UserName, | |||||
"myurl" => $myurl, | |||||
"facepic" => $facepic, | |||||
"memberurl" => $cfg_memberurl, | |||||
), | |||||
)); | |||||
exit; | |||||
} | |||||
?> | |||||
<div class="userinfo"> | |||||
<div class="welcome">您好:<?php echo $cfg_ml->M_UserName;?>,欢迎登录 </div> | |||||
<div class="userface"> | |||||
<a href="<?php echo $cfg_memberurl;?>/index.php"><img src="<?php echo $facepic;?>" width="52" height="52" /></a> | |||||
</div> | |||||
<div class="uclink"> | |||||
<a href="<?php echo $cfg_memberurl;?>/index.php">会员中心</a> | | |||||
<a href="<?php echo $cfg_memberurl;?>/edit_baseinfo.php">资料</a> | | |||||
<a href="<?php echo $cfg_memberurl;?>/index_do.php?fmdo=login&dopost=exit">退出登录</a> | |||||
</div> | |||||
</div> | |||||
<?php | |||||
} | |||||
?> |
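Review bot: The HTML branch prints `$cfg_ml->M_UserName` and `$facepic` with a bare `echo`, and `$facepic` can come from `$cfg_ml->fields['face']`, which is presumably member-editable profile data. Both should be escaped for their context, e.g. `<?php echo htmlspecialchars($facepic, ENT_QUOTES);?>`. `$myurl` is placed in the JSON response but is not assigned anywhere in this file; if `config.php` does not define it, the response path raises an undefined-variable notice. A short comment on the `else` branch saying it is the former `ajax_loginsta.php` behaviour would explain why one script now serves two unrelated purposes.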
@@ -180,6 +180,15 @@ else if ($fmdo == 'login') { | |||||
ShowMsg("密码不能为空", "-1", 0, 2000); | ShowMsg("密码不能为空", "-1", 0, 2000); | ||||
exit(); | exit(); | ||||
} | } | ||||
$isNeed = $cfg_ml->isNeedCheckCode($userid); | |||||
if ($isNeed) { | |||||
$svali = GetCkVdValue(); | |||||
if (strtolower($vdcode) != $svali || $svali == '') { | |||||
ResetVdValue(); | |||||
ShowMsg('验证码错误', 'index.php'); | |||||
exit(); | |||||
} | |||||
} | |||||
//检查帐号 | //检查帐号 | ||||
$rs = $cfg_ml->CheckUser($userid, $pwd); | $rs = $cfg_ml->CheckUser($userid, $pwd); | ||||
if ($rs == 0) { | if ($rs == 0) { | ||||
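Review bot: `strtolower($vdcode) != $svali` lower-cases only the submitted side, whereas the admin login in this commit lower-cases both (`strtolower(GetCkVdValue())`). If the stored code can contain upper-case characters, a correct answer is rejected here. `$vdcode` is also read without a presence check. Suggested: `$svali = strtolower(GetCkVdValue());` and `$vdcode = isset($vdcode) ? strtolower(trim($vdcode)) : '';`, then compare with `!==`. The enclosing `else if ($fmdo == 'login')` branch starts and ends outside this hunk.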
@@ -9,6 +9,7 @@ | |||||
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> | <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/style.css"> | ||||
<link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/user.css"> | <link rel="stylesheet" href="<?php echo $cfg_cmsurl;?>/static/web/css/user.css"> | ||||
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> | <script src="<?php echo $cfg_cmsurl;?>/static/web/js/jquery.min.js"></script> | ||||
<script src="<?php echo $cfg_cmsurl;?>/static/web/js/login.js"></script> | |||||
</head> | </head> | ||||
<body class="body-bg"> | <body class="body-bg"> | ||||
<?php pasterTempletDiy('top.htm');?> | <?php pasterTempletDiy('top.htm');?> | ||||
@@ -23,8 +24,14 @@ | |||||
<input type="hidden" name="dopost" value="login"> | <input type="hidden" name="dopost" value="login"> | ||||
<input type="hidden" name="keeptime" value="604800"> | <input type="hidden" name="keeptime" value="604800"> | ||||
<input type="hidden" name="gourl" value="<?php if (!empty($gourl)) echo $gourl;?>"> | <input type="hidden" name="gourl" value="<?php if (!empty($gourl)) echo $gourl;?>"> | ||||
<div class="form-group"><input name="userid" type="text" class="form-control" placeholder="输入用户名"></div> | |||||
<div class="form-group"><input id="iptUserid" name="userid" type="text" class="form-control" placeholder="输入用户名"></div> | |||||
<div class="form-group"><input name="pwd" type="password" class="form-control" id="iptPwd" placeholder="输入密码"></div> | <div class="form-group"><input name="pwd" type="password" class="form-control" id="iptPwd" placeholder="输入密码"></div> | ||||
<div class="form-group" id="vdimgck" style="display: none;"> | |||||
<div class="input-group"> | |||||
<input name="vdcode" type="text" class="form-control text-uppercase" id="iptValidate" placeholder="请输入验证码"> | |||||
<img src="<?php echo $cfg_cmsurl;?>/apps/vdimgck.php" id="validateimg" onclick="this.src='<?php echo $cfg_cmsurl;?>/apps/vdimgck.php?'+new Date().getTime()+Math.round(Math.random() * 10000)" title="验证码"> | |||||
</div> | |||||
</div> | |||||
<div class="form-group"><button type="submit" class="btn btn-success w-100">登录</button></div> | <div class="form-group"><button type="submit" class="btn btn-success w-100">登录</button></div> | ||||
<div class="form-group"><a href="<?php echo $cfg_memberurl;?>/index_do.php?fmdo=user&dopost=regnew" class="btn btn-outline-success w-100">注册</a></div> | <div class="form-group"><a href="<?php echo $cfg_memberurl;?>/index_do.php?fmdo=user&dopost=regnew" class="btn btn-outline-success w-100">注册</a></div> | ||||
<div><a href="<?php echo $cfg_memberurl;?>/resetpassword.php" class="text-dark">忘记密码</a></div> | <div><a href="<?php echo $cfg_memberurl;?>/resetpassword.php" class="text-dark">忘记密码</a></div> | ||||